Winsage
May 16, 2026
On May 14, Pwn2Own Berlin 2026 began, where researchers earned ,000 for 24 unique zero-day vulnerabilities. Cheng-Da Tsai, also known as Orange Tsai, achieved a significant Edge sandbox escape, earning ,000, and later exploited Microsoft Exchange for remote code execution, earning an additional ,000. Tsai accumulated 17.5 Master of Pwn points, contributing to DEVCORE's lead with ,000 in total earnings. Other researchers, including Angelboy and TwinkleStar03, earned ,000 for an Improper Access Control vulnerability, while Marcin Wiązowski and Kentaro Kawane also contributed successful exploits. By the end of Day One, DEVCORE led with ,000, and the event featured a prize pool exceeding ,000,000 across 31 targets. As of Day Two, a total of ,750 had been awarded for 39 unique vulnerabilities, with DEVCORE leading at 40.5 points and ,000 in earnings.
Winsage
May 15, 2026
Microsoft is enhancing the Windows experience by focusing on performance, reliability, and craftsmanship, with a commitment to transparency about updates. The Start menu and taskbar are receiving particular attention, with new customization options being introduced for users in the Experimental channel. Users can now reposition the taskbar to any edge of the screen, customize icon alignment, and view every window at a glance with ungrouped icons. A more compact taskbar option will also be available for smaller screens. The Start menu will feature section-level toggles for easier customization, separate controls for file recommendations, size settings, and the option to hide user names for privacy. The Recommended section will be renamed Recent to better reflect its purpose. These features will be gradually rolled out, with user feedback being encouraged through the Feedback Hub.
Winsage
May 15, 2026
Windows systems are threatened by a vulnerability in the Windows DNS Client, identified as CVE-2026-41096, which allows remote code execution without user intervention. It has a CVSS base score of 9.8, indicating high severity. The flaw is a heap-based buffer overflow in the dnsapi.dll component, enabling unauthenticated remote attackers to execute arbitrary code. Exploitation requires sending a specially crafted DNS response to a vulnerable system, potentially leading to complete control over the host. Affected systems include supported versions of Windows 11 and Windows Server 2022/2025. Microsoft released security updates on May 12, 2026, and administrators are advised to apply these patches and reboot systems. Despite the severity, Microsoft currently classifies exploitation as “Exploitation Unlikely,” with no known public exploits or in-the-wild attacks.
Tech Optimizer
May 15, 2026
PostgreSQL is widely used across various industries, supported by Microsoft through significant investments, including 345 commits to the latest release and a dedicated team of contributors. It is recognized for its ability to handle complex production challenges, such as transactional integrity and concurrency management. Microsoft operates PostgreSQL globally, informing upstream contributions based on real-world deployment experiences. The database is increasingly integrated into AI applications, with Azure Database for PostgreSQL and Azure HorizonDB focusing on AI functionalities. Microsoft offers multiple deployment models to accommodate different workload needs, including Azure Database for PostgreSQL for open-source workloads and Azure HorizonDB for cloud-native systems. Recent contributions from Microsoft include enhancements in asynchronous I/O, vacuum behavior, and query planning. Azure HorizonDB is designed for high-throughput, low-latency systems requiring horizontal scaling. Microsoft also invests in developer tools, such as a Visual Studio Code extension for PostgreSQL, and sponsors PostgreSQL conferences and user groups globally.
Winsage
May 15, 2026
A zero-day exploit named YellowKey allows individuals with physical access to Windows 11 systems to bypass BitLocker encryption protections. Discovered by researcher Nightmare-Eclipse, this vulnerability enables unauthorized users to access encrypted drives quickly. The exploit involves transferring a custom FsTx folder to a USB drive, connecting it to a BitLocker-protected device, and entering recovery mode to gain command prompt access without needing a BitLocker recovery key. Esteemed researchers Kevin Beaumont and Will Dormann have confirmed the exploit's functionality, although the specific mechanism within the FsTx folder that enables the bypass is not fully understood.
Winsage
May 14, 2026
On the inaugural day of Pwn2Own Berlin 2026, a total of ,000 was awarded to security researchers for exploiting 24 unique zero-day vulnerabilities. Orange Tsai earned ,000 for chaining four logic bugs to achieve a sandbox escape on Microsoft Edge. Windows 11 was targeted by Angelboy, TwinkleStar03, Marcin Wiązowski, and Kentaro Kawane, each earning ,000 for demonstrating new privilege escalation zero-days. Valentina Palmiotti earned ,000 for rooting Red Hat Linux for Workstations and an additional ,000 for a zero-day in the NVIDIA Container Toolkit. Other notable exploits included k3vg3n earning ,000 for taking down LiteLLM, Satoki Tsuji and haehae earning ,000 for exploiting NVIDIA Megatron Bridge zero-days, Compass Security and maitai earning ,000 each for hacking OpenAI's Codex, haehae earning ,000 for a Chroma zero-day, and STARLabs SG earning ,000 for exploiting an LM Studio zero-day. The DEVCORE Research Team leads the competition with ,000 in earnings, followed by Valentina Palmiotti with ,000. The contest is held at the OffensiveCon conference from May 14 to May 16, with over ,000,000 in cash and prizes available. Participants must target fully patched products and demonstrate arbitrary code execution. Vendors have a 90-day window to release security fixes after zero-day flaws are disclosed. Last year, the Trend Micro Zero Day Initiative awarded ,078,750 for 29 zero-day vulnerabilities.
Winsage
May 14, 2026
Dell's SupportAssist software is causing blue-screen crashes on certain Windows systems, attributed to a recent update to the SupportAssist Remediation service, specifically version 5.5.16.0. Users experiencing these crashes are advised to uninstall or disable the service to resolve the issue. Dell has acknowledged the problem and is working on a solution. Uninstalling the service may result in the loss of system repair points created by Dell OS SupportAssist Recovery. Users still facing issues after uninstallation should contact Dell support. This incident follows previous software challenges faced by Dell, including blue screens from earlier SupportAssist versions and BIOS updates that prevented some laptops from booting. Additionally, vulnerabilities have been identified in the BIOSConnect feature of Dell SupportAssist, posing security risks.
Winsage
May 14, 2026
Microsoft has introduced MDASH (Multi-Model Agentic Scanning Harness), a security solution that uses over 100 specialized AI agents to identify software vulnerabilities. On May 12, 2026, MDASH identified 16 new vulnerabilities (CVEs) in the Windows networking and authentication stack, four of which were critical, including remote code execution vulnerabilities in tcpip.sys, ikeext.dll, netlogon.dll, and dnsapi.dll. Ten of these vulnerabilities can be accessed over the network without authentication. MDASH operates through a four-stage pipeline: analyzing source code, scrutinizing for suspicious elements, debating the exploitability of issues, and attempting to exploit vulnerabilities. The system is model-agnostic and allows integration of new models and domain-specific knowledge. MDASH scored 88.45 percent on the CyberGym benchmark, ranking first among competitors, although the comparison may not be entirely fair as it contrasts a comprehensive framework with individual models. The models used to achieve this score are not specified. MDASH is supported by Microsoft's Autonomous Code Security Team and is currently in a limited private preview for select customers.
AppWizard
May 14, 2026
Samsung plans to use the MediaTek Dimensity 9500 chip in its upcoming Galaxy Tab S12 series, moving away from the traditional Snapdragon processors. The Dimensity 9500, identified by its model number MT6993, is linked to various innovative features in Samsung's AI core application, including AI-generated wallpapers, image expansion capabilities, generative editing tools, and image harmonization techniques. While the Dimensity 9500 may not match the Snapdragon 8 Elite Gen 5 in CPU performance, it is noted for its gaming performance and lower temperatures during extended use, making it a suitable choice for Samsung's new devices.